1 /*-
2 * SPDX-License-Identifier: BSD-3-Clause
3 *
4 * Copyright (c) 2001-2007, by Cisco Systems, Inc. All rights reserved.
5 * Copyright (c) 2008-2012, by Randall Stewart. All rights reserved.
6 * Copyright (c) 2008-2012, by Michael Tuexen. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions are met:
10 *
11 * a) Redistributions of source code must retain the above copyright notice,
12 * this list of conditions and the following disclaimer.
13 *
14 * b) Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the distribution.
17 *
18 * c) Neither the name of Cisco Systems, Inc. nor the names of its
19 * contributors may be used to endorse or promote products derived
20 * from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
26 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
32 * THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 #define _IP_VHL
36 #include <netinet/sctp_os.h>
37 #include <netinet/sctp_pcb.h>
38 #ifdef INET6
39 #endif
40 #include <netinet/sctp_var.h>
41 #include <netinet/sctp_sysctl.h>
42 #include <netinet/sctp_timer.h>
43 #include <netinet/sctputil.h>
44 #include <netinet/sctp_output.h>
45 #include <netinet/sctp_header.h>
46 #include <netinet/sctp_indata.h>
47 #include <netinet/sctp_asconf.h>
48 #include <netinet/sctp_input.h>
49 #include <netinet/sctp.h>
50 #include <netinet/sctp_uio.h>
51 #if defined(INET) || defined(INET6)
52 #include <netinet/udp.h>
53 #endif
54
55 void
sctp_audit_retranmission_queue(struct sctp_association * asoc)56 sctp_audit_retranmission_queue(struct sctp_association *asoc)
57 {
58 struct sctp_tmit_chunk *chk;
59
60 SCTPDBG(SCTP_DEBUG_TIMER4, "Audit invoked on send queue cnt:%d onqueue:%d\n",
61 asoc->sent_queue_retran_cnt,
62 asoc->sent_queue_cnt);
63 asoc->sent_queue_retran_cnt = 0;
64 asoc->sent_queue_cnt = 0;
65 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
66 if (chk->sent == SCTP_DATAGRAM_RESEND) {
67 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
68 }
69 asoc->sent_queue_cnt++;
70 }
71 TAILQ_FOREACH(chk, &asoc->control_send_queue, sctp_next) {
72 if (chk->sent == SCTP_DATAGRAM_RESEND) {
73 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
74 }
75 }
76 TAILQ_FOREACH(chk, &asoc->asconf_send_queue, sctp_next) {
77 if (chk->sent == SCTP_DATAGRAM_RESEND) {
78 sctp_ucount_incr(asoc->sent_queue_retran_cnt);
79 }
80 }
81 SCTPDBG(SCTP_DEBUG_TIMER4, "Audit completes retran:%d onqueue:%d\n",
82 asoc->sent_queue_retran_cnt,
83 asoc->sent_queue_cnt);
84 }
85
86 static int
sctp_threshold_management(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net,uint16_t threshold)87 sctp_threshold_management(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
88 struct sctp_nets *net, uint16_t threshold)
89 {
90 KASSERT(stcb != NULL, ("stcb is NULL"));
91 SCTP_TCB_LOCK_ASSERT(stcb);
92
93 if (net != NULL) {
94 net->error_count++;
95 SCTPDBG(SCTP_DEBUG_TIMER4, "Error count for %p now %d thresh:%d\n",
96 (void *)net, net->error_count,
97 net->failure_threshold);
98 if (net->error_count > net->failure_threshold) {
99 /* We had a threshold failure */
100 if (net->dest_state & SCTP_ADDR_REACHABLE) {
101 net->dest_state &= ~SCTP_ADDR_REACHABLE;
102 net->dest_state &= ~SCTP_ADDR_REQ_PRIMARY;
103 net->dest_state &= ~SCTP_ADDR_PF;
104 sctp_ulp_notify(SCTP_NOTIFY_INTERFACE_DOWN,
105 stcb, 0,
106 (void *)net, SCTP_SO_NOT_LOCKED);
107 }
108 } else if ((net->pf_threshold < net->failure_threshold) &&
109 (net->error_count > net->pf_threshold)) {
110 if ((net->dest_state & SCTP_ADDR_PF) == 0) {
111 net->dest_state |= SCTP_ADDR_PF;
112 net->last_active = sctp_get_tick_count();
113 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
114 sctp_timer_stop(SCTP_TIMER_TYPE_HEARTBEAT,
115 inp, stcb, net,
116 SCTP_FROM_SCTP_TIMER + SCTP_LOC_1);
117 sctp_timer_start(SCTP_TIMER_TYPE_HEARTBEAT, inp, stcb, net);
118 }
119 }
120 if ((net->dest_state & SCTP_ADDR_UNCONFIRMED) == 0) {
121 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
122 sctp_misc_ints(SCTP_THRESHOLD_INCR,
123 stcb->asoc.overall_error_count,
124 (stcb->asoc.overall_error_count + 1),
125 SCTP_FROM_SCTP_TIMER,
126 __LINE__);
127 }
128 stcb->asoc.overall_error_count++;
129 }
130 } else {
131 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_THRESHOLD_LOGGING) {
132 sctp_misc_ints(SCTP_THRESHOLD_INCR,
133 stcb->asoc.overall_error_count,
134 (stcb->asoc.overall_error_count + 1),
135 SCTP_FROM_SCTP_TIMER,
136 __LINE__);
137 }
138 stcb->asoc.overall_error_count++;
139 }
140 SCTPDBG(SCTP_DEBUG_TIMER4, "Overall error count for %p now %d thresh:%u state:%x\n",
141 (void *)&stcb->asoc, stcb->asoc.overall_error_count,
142 (uint32_t)threshold,
143 ((net == NULL) ? (uint32_t)0 : (uint32_t)net->dest_state));
144 /*
145 * We specifically do not do >= to give the assoc one more change
146 * before we fail it.
147 */
148 if (stcb->asoc.overall_error_count > threshold) {
149 /* Abort notification sends a ULP notify */
150 struct mbuf *op_err;
151
152 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
153 "Association error counter exceeded");
154 inp->last_abort_code = SCTP_FROM_SCTP_TIMER + SCTP_LOC_2;
155 sctp_abort_an_association(inp, stcb, op_err, true, SCTP_SO_NOT_LOCKED);
156 return (1);
157 }
158 return (0);
159 }
160
161 /*
162 * sctp_find_alternate_net() returns a non-NULL pointer as long as there
163 * exists nets, which are not being deleted.
164 */
165 struct sctp_nets *
sctp_find_alternate_net(struct sctp_tcb * stcb,struct sctp_nets * net,int mode)166 sctp_find_alternate_net(struct sctp_tcb *stcb,
167 struct sctp_nets *net,
168 int mode)
169 {
170 /* Find and return an alternate network if possible */
171 struct sctp_nets *alt, *mnet, *min_errors_net = NULL, *max_cwnd_net = NULL;
172 bool looped;
173
174 /* JRS 5/14/07 - Initialize min_errors to an impossible value. */
175 int min_errors = -1;
176 uint32_t max_cwnd = 0;
177
178 if (stcb->asoc.numnets == 1) {
179 /* No selection can be made. */
180 return (TAILQ_FIRST(&stcb->asoc.nets));
181 }
182 /*
183 * JRS 5/14/07 - If mode is set to 2, use the CMT PF find alternate
184 * net algorithm. This algorithm chooses the active destination (not
185 * in PF state) with the largest cwnd value. If all destinations are
186 * in PF state, unreachable, or unconfirmed, choose the destination
187 * that is in PF state with the lowest error count. In case of a
188 * tie, choose the destination that was most recently active.
189 */
190 if (mode == 2) {
191 TAILQ_FOREACH(mnet, &stcb->asoc.nets, sctp_next) {
192 /*
193 * JRS 5/14/07 - If the destination is unreachable
194 * or unconfirmed, skip it.
195 */
196 if (((mnet->dest_state & SCTP_ADDR_REACHABLE) != SCTP_ADDR_REACHABLE) ||
197 (mnet->dest_state & SCTP_ADDR_UNCONFIRMED)) {
198 continue;
199 }
200 /*
201 * JRS 5/14/07 - If the destination is reachable
202 * but in PF state, compare the error count of the
203 * destination to the minimum error count seen thus
204 * far. Store the destination with the lower error
205 * count. If the error counts are equal, store the
206 * destination that was most recently active.
207 */
208 if (mnet->dest_state & SCTP_ADDR_PF) {
209 /*
210 * JRS 5/14/07 - If the destination under
211 * consideration is the current destination,
212 * work as if the error count is one higher.
213 * The actual error count will not be
214 * incremented until later in the t3
215 * handler.
216 */
217 if (mnet == net) {
218 if (min_errors == -1) {
219 min_errors = mnet->error_count + 1;
220 min_errors_net = mnet;
221 } else if (mnet->error_count + 1 < min_errors) {
222 min_errors = mnet->error_count + 1;
223 min_errors_net = mnet;
224 } else if (mnet->error_count + 1 == min_errors
225 && mnet->last_active > min_errors_net->last_active) {
226 min_errors_net = mnet;
227 min_errors = mnet->error_count + 1;
228 }
229 continue;
230 } else {
231 if (min_errors == -1) {
232 min_errors = mnet->error_count;
233 min_errors_net = mnet;
234 } else if (mnet->error_count < min_errors) {
235 min_errors = mnet->error_count;
236 min_errors_net = mnet;
237 } else if (mnet->error_count == min_errors
238 && mnet->last_active > min_errors_net->last_active) {
239 min_errors_net = mnet;
240 min_errors = mnet->error_count;
241 }
242 continue;
243 }
244 }
245 /*
246 * JRS 5/14/07 - If the destination is reachable and
247 * not in PF state, compare the cwnd of the
248 * destination to the highest cwnd seen thus far.
249 * Store the destination with the higher cwnd value.
250 * If the cwnd values are equal, randomly choose one
251 * of the two destinations.
252 */
253 if (max_cwnd < mnet->cwnd) {
254 max_cwnd_net = mnet;
255 max_cwnd = mnet->cwnd;
256 } else if (max_cwnd == mnet->cwnd) {
257 uint32_t rndval;
258 uint8_t this_random;
259
260 if (stcb->asoc.hb_random_idx > 3) {
261 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
262 memcpy(stcb->asoc.hb_random_values, &rndval, sizeof(stcb->asoc.hb_random_values));
263 this_random = stcb->asoc.hb_random_values[0];
264 stcb->asoc.hb_random_idx++;
265 stcb->asoc.hb_ect_randombit = 0;
266 } else {
267 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
268 stcb->asoc.hb_random_idx++;
269 stcb->asoc.hb_ect_randombit = 0;
270 }
271 if (this_random % 2 == 1) {
272 max_cwnd_net = mnet;
273 max_cwnd = mnet->cwnd; /* Useless? */
274 }
275 }
276 }
277 if (max_cwnd_net == NULL) {
278 if (min_errors_net == NULL) {
279 return (net);
280 }
281 return (min_errors_net);
282 } else {
283 return (max_cwnd_net);
284 }
285 } /* JRS 5/14/07 - If mode is set to 1, use the
286 * CMT policy for choosing an alternate net. */
287 else if (mode == 1) {
288 TAILQ_FOREACH(mnet, &stcb->asoc.nets, sctp_next) {
289 if (((mnet->dest_state & SCTP_ADDR_REACHABLE) != SCTP_ADDR_REACHABLE) ||
290 (mnet->dest_state & SCTP_ADDR_UNCONFIRMED)) {
291 /*
292 * will skip ones that are not-reachable or
293 * unconfirmed
294 */
295 continue;
296 }
297 if (max_cwnd < mnet->cwnd) {
298 max_cwnd_net = mnet;
299 max_cwnd = mnet->cwnd;
300 } else if (max_cwnd == mnet->cwnd) {
301 uint32_t rndval;
302 uint8_t this_random;
303
304 if (stcb->asoc.hb_random_idx > 3) {
305 rndval = sctp_select_initial_TSN(&stcb->sctp_ep->sctp_ep);
306 memcpy(stcb->asoc.hb_random_values, &rndval,
307 sizeof(stcb->asoc.hb_random_values));
308 this_random = stcb->asoc.hb_random_values[0];
309 stcb->asoc.hb_random_idx = 0;
310 stcb->asoc.hb_ect_randombit = 0;
311 } else {
312 this_random = stcb->asoc.hb_random_values[stcb->asoc.hb_random_idx];
313 stcb->asoc.hb_random_idx++;
314 stcb->asoc.hb_ect_randombit = 0;
315 }
316 if (this_random % 2) {
317 max_cwnd_net = mnet;
318 max_cwnd = mnet->cwnd;
319 }
320 }
321 }
322 if (max_cwnd_net) {
323 return (max_cwnd_net);
324 }
325 }
326 /* Look for an alternate net, which is active. */
327 if ((net != NULL) && ((net->dest_state & SCTP_ADDR_BEING_DELETED) == 0)) {
328 alt = TAILQ_NEXT(net, sctp_next);
329 } else {
330 alt = TAILQ_FIRST(&stcb->asoc.nets);
331 }
332 looped = false;
333 for (;;) {
334 if (alt == NULL) {
335 if (!looped) {
336 alt = TAILQ_FIRST(&stcb->asoc.nets);
337 looped = true;
338 }
339 /* Definitely out of candidates. */
340 if (alt == NULL) {
341 break;
342 }
343 }
344 if (alt->ro.ro_nh == NULL) {
345 if (alt->ro._s_addr) {
346 sctp_free_ifa(alt->ro._s_addr);
347 alt->ro._s_addr = NULL;
348 }
349 alt->src_addr_selected = 0;
350 }
351 if (((alt->dest_state & SCTP_ADDR_REACHABLE) == SCTP_ADDR_REACHABLE) &&
352 (alt->ro.ro_nh != NULL) &&
353 ((alt->dest_state & SCTP_ADDR_UNCONFIRMED) == 0) &&
354 (alt != net)) {
355 /* Found an alternate net, which is reachable. */
356 break;
357 }
358 alt = TAILQ_NEXT(alt, sctp_next);
359 }
360
361 if (alt == NULL) {
362 /*
363 * In case no active alternate net has been found, look for
364 * an alternate net, which is confirmed.
365 */
366 if ((net != NULL) && ((net->dest_state & SCTP_ADDR_BEING_DELETED) == 0)) {
367 alt = TAILQ_NEXT(net, sctp_next);
368 } else {
369 alt = TAILQ_FIRST(&stcb->asoc.nets);
370 }
371 looped = false;
372 for (;;) {
373 if (alt == NULL) {
374 if (!looped) {
375 alt = TAILQ_FIRST(&stcb->asoc.nets);
376 looped = true;
377 }
378 /* Definitely out of candidates. */
379 if (alt == NULL) {
380 break;
381 }
382 }
383 if (((alt->dest_state & SCTP_ADDR_UNCONFIRMED) == 0) &&
384 (alt != net)) {
385 /*
386 * Found an alternate net, which is
387 * confirmed.
388 */
389 break;
390 }
391 alt = TAILQ_NEXT(alt, sctp_next);
392 }
393 }
394 if (alt == NULL) {
395 /*
396 * In case no confirmed alternate net has been found, just
397 * return net, if it is not being deleted. In the other case
398 * just return the first net.
399 */
400 if ((net != NULL) && ((net->dest_state & SCTP_ADDR_BEING_DELETED) == 0)) {
401 alt = net;
402 }
403 if (alt == NULL) {
404 alt = TAILQ_FIRST(&stcb->asoc.nets);
405 }
406 }
407 return (alt);
408 }
409
410 static void
sctp_backoff_on_timeout(struct sctp_tcb * stcb,struct sctp_nets * net,int win_probe,int num_marked,int num_abandoned)411 sctp_backoff_on_timeout(struct sctp_tcb *stcb,
412 struct sctp_nets *net,
413 int win_probe,
414 int num_marked, int num_abandoned)
415 {
416 if (net->RTO == 0) {
417 if (net->RTO_measured) {
418 net->RTO = stcb->asoc.minrto;
419 } else {
420 net->RTO = stcb->asoc.initial_rto;
421 }
422 }
423 net->RTO <<= 1;
424 if (net->RTO > stcb->asoc.maxrto) {
425 net->RTO = stcb->asoc.maxrto;
426 }
427 if ((win_probe == 0) && (num_marked || num_abandoned)) {
428 /* We don't apply penalty to window probe scenarios */
429 /* JRS - Use the congestion control given in the CC module */
430 stcb->asoc.cc_functions.sctp_cwnd_update_after_timeout(stcb, net);
431 }
432 }
433
434 #ifndef INVARIANTS
435 static void
sctp_recover_sent_list(struct sctp_tcb * stcb)436 sctp_recover_sent_list(struct sctp_tcb *stcb)
437 {
438 struct sctp_tmit_chunk *chk, *nchk;
439 struct sctp_association *asoc;
440
441 asoc = &stcb->asoc;
442 TAILQ_FOREACH_SAFE(chk, &asoc->sent_queue, sctp_next, nchk) {
443 if (SCTP_TSN_GE(asoc->last_acked_seq, chk->rec.data.tsn)) {
444 SCTP_PRINTF("Found chk:%p tsn:%x <= last_acked_seq:%x\n",
445 (void *)chk, chk->rec.data.tsn, asoc->last_acked_seq);
446 if (chk->sent != SCTP_DATAGRAM_NR_ACKED) {
447 if (asoc->strmout[chk->rec.data.sid].chunks_on_queues > 0) {
448 asoc->strmout[chk->rec.data.sid].chunks_on_queues--;
449 }
450 }
451 if ((asoc->strmout[chk->rec.data.sid].chunks_on_queues == 0) &&
452 (asoc->strmout[chk->rec.data.sid].state == SCTP_STREAM_RESET_PENDING) &&
453 TAILQ_EMPTY(&asoc->strmout[chk->rec.data.sid].outqueue)) {
454 asoc->trigger_reset = 1;
455 }
456 TAILQ_REMOVE(&asoc->sent_queue, chk, sctp_next);
457 if (PR_SCTP_ENABLED(chk->flags)) {
458 if (asoc->pr_sctp_cnt != 0)
459 asoc->pr_sctp_cnt--;
460 }
461 if (chk->data) {
462 /* sa_ignore NO_NULL_CHK */
463 sctp_free_bufspace(stcb, asoc, chk, 1);
464 sctp_m_freem(chk->data);
465 chk->data = NULL;
466 if (asoc->prsctp_supported && PR_SCTP_BUF_ENABLED(chk->flags)) {
467 asoc->sent_queue_cnt_removeable--;
468 }
469 }
470 asoc->sent_queue_cnt--;
471 sctp_free_a_chunk(stcb, chk, SCTP_SO_NOT_LOCKED);
472 }
473 }
474 SCTP_PRINTF("after recover order is as follows\n");
475 TAILQ_FOREACH(chk, &asoc->sent_queue, sctp_next) {
476 SCTP_PRINTF("chk:%p TSN:%x\n", (void *)chk, chk->rec.data.tsn);
477 }
478 }
479 #endif
480
481 static int
sctp_mark_all_for_resend(struct sctp_tcb * stcb,struct sctp_nets * net,struct sctp_nets * alt,int window_probe,int * num_marked,int * num_abandoned)482 sctp_mark_all_for_resend(struct sctp_tcb *stcb,
483 struct sctp_nets *net,
484 struct sctp_nets *alt,
485 int window_probe,
486 int *num_marked,
487 int *num_abandoned)
488 {
489
490 /*
491 * Mark all chunks (well not all) that were sent to *net for
492 * retransmission. Move them to alt for there destination as well...
493 * We only mark chunks that have been outstanding long enough to
494 * have received feed-back.
495 */
496 struct sctp_tmit_chunk *chk, *nchk;
497 struct sctp_nets *lnets;
498 struct timeval now, min_wait, tv;
499 int cur_rto;
500 int cnt_abandoned;
501 int audit_tf, num_mk, fir;
502 unsigned int cnt_mk;
503 uint32_t orig_flight, orig_tf;
504 uint32_t tsnlast, tsnfirst;
505 #ifndef INVARIANTS
506 int recovery_cnt = 0;
507 #endif
508
509 /* none in flight now */
510 audit_tf = 0;
511 fir = 0;
512 /*
513 * figure out how long a data chunk must be pending before we can
514 * mark it ..
515 */
516 (void)SCTP_GETTIME_TIMEVAL(&now);
517 /* get cur rto in micro-seconds */
518 cur_rto = (net->lastsa >> SCTP_RTT_SHIFT) + net->lastsv;
519 cur_rto *= 1000;
520 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
521 sctp_log_fr(cur_rto,
522 stcb->asoc.peers_rwnd,
523 window_probe,
524 SCTP_FR_T3_MARK_TIME);
525 sctp_log_fr(net->flight_size, 0, 0, SCTP_FR_CWND_REPORT);
526 sctp_log_fr(net->flight_size, net->cwnd, stcb->asoc.total_flight, SCTP_FR_CWND_REPORT);
527 }
528 tv.tv_sec = cur_rto / 1000000;
529 tv.tv_usec = cur_rto % 1000000;
530 min_wait = now;
531 timevalsub(&min_wait, &tv);
532 if (min_wait.tv_sec < 0 || min_wait.tv_usec < 0) {
533 /*
534 * if we hit here, we don't have enough seconds on the clock
535 * to account for the RTO. We just let the lower seconds be
536 * the bounds and don't worry about it. This may mean we
537 * will mark a lot more than we should.
538 */
539 min_wait.tv_sec = min_wait.tv_usec = 0;
540 }
541 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
542 sctp_log_fr(cur_rto, (uint32_t)now.tv_sec, now.tv_usec, SCTP_FR_T3_MARK_TIME);
543 sctp_log_fr(0, (uint32_t)min_wait.tv_sec, min_wait.tv_usec, SCTP_FR_T3_MARK_TIME);
544 }
545 /*
546 * Our rwnd will be incorrect here since we are not adding back the
547 * cnt * mbuf but we will fix that down below.
548 */
549 orig_flight = net->flight_size;
550 orig_tf = stcb->asoc.total_flight;
551
552 net->fast_retran_ip = 0;
553 /* Now on to each chunk */
554 cnt_abandoned = 0;
555 num_mk = cnt_mk = 0;
556 tsnfirst = tsnlast = 0;
557 #ifndef INVARIANTS
558 start_again:
559 #endif
560 TAILQ_FOREACH_SAFE(chk, &stcb->asoc.sent_queue, sctp_next, nchk) {
561 if (SCTP_TSN_GE(stcb->asoc.last_acked_seq, chk->rec.data.tsn)) {
562 /* Strange case our list got out of order? */
563 SCTP_PRINTF("Our list is out of order? last_acked:%x chk:%x\n",
564 (unsigned int)stcb->asoc.last_acked_seq, (unsigned int)chk->rec.data.tsn);
565 #ifdef INVARIANTS
566 panic("last acked >= chk on sent-Q");
567 #else
568 recovery_cnt++;
569 SCTP_PRINTF("Recover attempts a restart cnt:%d\n", recovery_cnt);
570 sctp_recover_sent_list(stcb);
571 if (recovery_cnt < 10) {
572 goto start_again;
573 } else {
574 SCTP_PRINTF("Recovery fails %d times??\n", recovery_cnt);
575 }
576 #endif
577 }
578 if ((chk->whoTo == net) && (chk->sent < SCTP_DATAGRAM_ACKED)) {
579 /*
580 * found one to mark: If it is less than
581 * DATAGRAM_ACKED it MUST not be a skipped or marked
582 * TSN but instead one that is either already set
583 * for retransmission OR one that needs
584 * retransmission.
585 */
586
587 /* validate its been outstanding long enough */
588 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
589 sctp_log_fr(chk->rec.data.tsn,
590 (uint32_t)chk->sent_rcv_time.tv_sec,
591 chk->sent_rcv_time.tv_usec,
592 SCTP_FR_T3_MARK_TIME);
593 }
594 if ((chk->sent_rcv_time.tv_sec > min_wait.tv_sec) && (window_probe == 0)) {
595 /*
596 * we have reached a chunk that was sent
597 * some seconds past our min.. forget it we
598 * will find no more to send.
599 */
600 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
601 sctp_log_fr(0,
602 (uint32_t)chk->sent_rcv_time.tv_sec,
603 chk->sent_rcv_time.tv_usec,
604 SCTP_FR_T3_STOPPED);
605 }
606 continue;
607 } else if ((chk->sent_rcv_time.tv_sec == min_wait.tv_sec) &&
608 (window_probe == 0)) {
609 /*
610 * we must look at the micro seconds to
611 * know.
612 */
613 if (chk->sent_rcv_time.tv_usec >= min_wait.tv_usec) {
614 /*
615 * ok it was sent after our boundary
616 * time.
617 */
618 continue;
619 }
620 }
621 if (stcb->asoc.prsctp_supported && PR_SCTP_TTL_ENABLED(chk->flags)) {
622 /* Is it expired? */
623 if (timevalcmp(&now, &chk->rec.data.timetodrop, >)) {
624 /* Yes so drop it */
625 if (chk->data) {
626 (void)sctp_release_pr_sctp_chunk(stcb,
627 chk,
628 1,
629 SCTP_SO_NOT_LOCKED);
630 cnt_abandoned++;
631 }
632 continue;
633 }
634 }
635 if (stcb->asoc.prsctp_supported && PR_SCTP_RTX_ENABLED(chk->flags)) {
636 /* Has it been retransmitted tv_sec times? */
637 if (chk->snd_count > chk->rec.data.timetodrop.tv_sec) {
638 if (chk->data) {
639 (void)sctp_release_pr_sctp_chunk(stcb,
640 chk,
641 1,
642 SCTP_SO_NOT_LOCKED);
643 cnt_abandoned++;
644 }
645 continue;
646 }
647 }
648 if (chk->sent < SCTP_DATAGRAM_RESEND) {
649 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
650 num_mk++;
651 if (fir == 0) {
652 fir = 1;
653 tsnfirst = chk->rec.data.tsn;
654 }
655 tsnlast = chk->rec.data.tsn;
656 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
657 sctp_log_fr(chk->rec.data.tsn, chk->snd_count,
658 0, SCTP_FR_T3_MARKED);
659 }
660
661 if (chk->rec.data.chunk_was_revoked) {
662 /* deflate the cwnd */
663 chk->whoTo->cwnd -= chk->book_size;
664 chk->rec.data.chunk_was_revoked = 0;
665 }
666 net->marked_retrans++;
667 stcb->asoc.marked_retrans++;
668 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
669 sctp_misc_ints(SCTP_FLIGHT_LOG_DOWN_RSND_TO,
670 chk->whoTo->flight_size,
671 chk->book_size,
672 (uint32_t)(uintptr_t)chk->whoTo,
673 chk->rec.data.tsn);
674 }
675 sctp_flight_size_decrease(chk);
676 sctp_total_flight_decrease(stcb, chk);
677 stcb->asoc.peers_rwnd += chk->send_size;
678 stcb->asoc.peers_rwnd += SCTP_BASE_SYSCTL(sctp_peer_chunk_oh);
679 }
680 chk->sent = SCTP_DATAGRAM_RESEND;
681 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
682 SCTP_STAT_INCR(sctps_markedretrans);
683
684 /* reset the TSN for striking and other FR stuff */
685 chk->rec.data.doing_fast_retransmit = 0;
686 /* Clear any time so NO RTT is being done */
687
688 if (chk->do_rtt) {
689 if (chk->whoTo->rto_needed == 0) {
690 chk->whoTo->rto_needed = 1;
691 }
692 }
693 chk->do_rtt = 0;
694 if (alt != net) {
695 sctp_free_remote_addr(chk->whoTo);
696 chk->no_fr_allowed = 1;
697 chk->whoTo = alt;
698 atomic_add_int(&alt->ref_count, 1);
699 } else {
700 chk->no_fr_allowed = 0;
701 if (TAILQ_EMPTY(&stcb->asoc.send_queue)) {
702 chk->rec.data.fast_retran_tsn = stcb->asoc.sending_seq;
703 } else {
704 chk->rec.data.fast_retran_tsn = (TAILQ_FIRST(&stcb->asoc.send_queue))->rec.data.tsn;
705 }
706 }
707 /*
708 * CMT: Do not allow FRs on retransmitted TSNs.
709 */
710 if (stcb->asoc.sctp_cmt_on_off > 0) {
711 chk->no_fr_allowed = 1;
712 }
713 #ifdef THIS_SHOULD_NOT_BE_DONE
714 } else if (chk->sent == SCTP_DATAGRAM_ACKED) {
715 /* remember highest acked one */
716 could_be_sent = chk;
717 #endif
718 }
719 if (chk->sent == SCTP_DATAGRAM_RESEND) {
720 cnt_mk++;
721 }
722 }
723 if ((orig_flight - net->flight_size) != (orig_tf - stcb->asoc.total_flight)) {
724 /* we did not subtract the same things? */
725 audit_tf = 1;
726 }
727
728 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
729 sctp_log_fr(tsnfirst, tsnlast, num_mk, SCTP_FR_T3_TIMEOUT);
730 }
731 #ifdef SCTP_DEBUG
732 if (num_mk) {
733 SCTPDBG(SCTP_DEBUG_TIMER1, "LAST TSN marked was %x\n",
734 tsnlast);
735 SCTPDBG(SCTP_DEBUG_TIMER1, "Num marked for retransmission was %d peer-rwd:%u\n",
736 num_mk,
737 stcb->asoc.peers_rwnd);
738 }
739 #endif
740 *num_marked = num_mk;
741 *num_abandoned = cnt_abandoned;
742 /*
743 * Now check for a ECN Echo that may be stranded And include the
744 * cnt_mk'd to have all resends in the control queue.
745 */
746 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
747 if (chk->sent == SCTP_DATAGRAM_RESEND) {
748 cnt_mk++;
749 }
750 if ((chk->whoTo == net) &&
751 (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
752 sctp_free_remote_addr(chk->whoTo);
753 chk->whoTo = alt;
754 if (chk->sent != SCTP_DATAGRAM_RESEND) {
755 chk->sent = SCTP_DATAGRAM_RESEND;
756 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
757 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
758 cnt_mk++;
759 }
760 atomic_add_int(&alt->ref_count, 1);
761 }
762 }
763 #ifdef THIS_SHOULD_NOT_BE_DONE
764 if ((stcb->asoc.sent_queue_retran_cnt == 0) && (could_be_sent)) {
765 /* fix it so we retransmit the highest acked anyway */
766 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
767 cnt_mk++;
768 could_be_sent->sent = SCTP_DATAGRAM_RESEND;
769 }
770 #endif
771 if (stcb->asoc.sent_queue_retran_cnt != cnt_mk) {
772 #ifdef INVARIANTS
773 SCTP_PRINTF("Local Audit says there are %d for retran asoc cnt:%d we marked:%d this time\n",
774 cnt_mk, stcb->asoc.sent_queue_retran_cnt, num_mk);
775 #endif
776 #ifndef SCTP_AUDITING_ENABLED
777 stcb->asoc.sent_queue_retran_cnt = cnt_mk;
778 #endif
779 }
780 if (audit_tf) {
781 SCTPDBG(SCTP_DEBUG_TIMER4,
782 "Audit total flight due to negative value net:%p\n",
783 (void *)net);
784 stcb->asoc.total_flight = 0;
785 stcb->asoc.total_flight_count = 0;
786 /* Clear all networks flight size */
787 TAILQ_FOREACH(lnets, &stcb->asoc.nets, sctp_next) {
788 lnets->flight_size = 0;
789 SCTPDBG(SCTP_DEBUG_TIMER4,
790 "Net:%p c-f cwnd:%d ssthresh:%d\n",
791 (void *)lnets, lnets->cwnd, lnets->ssthresh);
792 }
793 TAILQ_FOREACH(chk, &stcb->asoc.sent_queue, sctp_next) {
794 if (chk->sent < SCTP_DATAGRAM_RESEND) {
795 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FLIGHT_LOGGING_ENABLE) {
796 sctp_misc_ints(SCTP_FLIGHT_LOG_UP,
797 chk->whoTo->flight_size,
798 chk->book_size,
799 (uint32_t)(uintptr_t)chk->whoTo,
800 chk->rec.data.tsn);
801 }
802
803 sctp_flight_size_increase(chk);
804 sctp_total_flight_increase(stcb, chk);
805 }
806 }
807 }
808 /* We return 1 if we only have a window probe outstanding */
809 return (0);
810 }
811
812 int
sctp_t3rxt_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)813 sctp_t3rxt_timer(struct sctp_inpcb *inp,
814 struct sctp_tcb *stcb,
815 struct sctp_nets *net)
816 {
817 struct sctp_nets *alt;
818 int win_probe, num_mk, num_abandoned;
819
820 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_FR_LOGGING_ENABLE) {
821 sctp_log_fr(0, 0, 0, SCTP_FR_T3_TIMEOUT);
822 }
823 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_LOGGING_ENABLE) {
824 struct sctp_nets *lnet;
825
826 TAILQ_FOREACH(lnet, &stcb->asoc.nets, sctp_next) {
827 if (net == lnet) {
828 sctp_log_cwnd(stcb, lnet, 1, SCTP_CWND_LOG_FROM_T3);
829 } else {
830 sctp_log_cwnd(stcb, lnet, 0, SCTP_CWND_LOG_FROM_T3);
831 }
832 }
833 }
834 /* Find an alternate and mark those for retransmission */
835 if ((stcb->asoc.peers_rwnd == 0) &&
836 (stcb->asoc.total_flight < net->mtu)) {
837 SCTP_STAT_INCR(sctps_timowindowprobe);
838 win_probe = 1;
839 } else {
840 win_probe = 0;
841 }
842
843 if (win_probe == 0) {
844 /* We don't do normal threshold management on window probes */
845 if (sctp_threshold_management(inp, stcb, net,
846 stcb->asoc.max_send_times)) {
847 /* Association was destroyed */
848 return (1);
849 } else {
850 if (net != stcb->asoc.primary_destination) {
851 /* send a immediate HB if our RTO is stale */
852 struct timeval now;
853 uint32_t ms_goneby;
854
855 (void)SCTP_GETTIME_TIMEVAL(&now);
856 if (net->last_sent_time.tv_sec) {
857 ms_goneby = (uint32_t)(now.tv_sec - net->last_sent_time.tv_sec) * 1000;
858 } else {
859 ms_goneby = 0;
860 }
861 if ((net->dest_state & SCTP_ADDR_PF) == 0) {
862 if ((ms_goneby > net->RTO) || (net->RTO == 0)) {
863 /*
864 * no recent feed back in an
865 * RTO or more, request a
866 * RTT update
867 */
868 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
869 }
870 }
871 }
872 }
873 } else {
874 /*
875 * For a window probe we don't penalize the net's but only
876 * the association. This may fail it if SACKs are not coming
877 * back. If sack's are coming with rwnd locked at 0, we will
878 * continue to hold things waiting for rwnd to raise
879 */
880 if (sctp_threshold_management(inp, stcb, NULL,
881 stcb->asoc.max_send_times)) {
882 /* Association was destroyed */
883 return (1);
884 }
885 }
886 if (stcb->asoc.sctp_cmt_on_off > 0) {
887 if (net->pf_threshold < net->failure_threshold) {
888 alt = sctp_find_alternate_net(stcb, net, 2);
889 } else {
890 /*
891 * CMT: Using RTX_SSTHRESH policy for CMT. If CMT is
892 * being used, then pick dest with largest ssthresh
893 * for any retransmission.
894 */
895 alt = sctp_find_alternate_net(stcb, net, 1);
896 /*
897 * CUCv2: If a different dest is picked for the
898 * retransmission, then new (rtx-)pseudo_cumack
899 * needs to be tracked for orig dest. Let CUCv2
900 * track new (rtx-) pseudo-cumack always.
901 */
902 net->find_pseudo_cumack = 1;
903 net->find_rtx_pseudo_cumack = 1;
904 }
905 } else {
906 alt = sctp_find_alternate_net(stcb, net, 0);
907 }
908
909 num_mk = 0;
910 num_abandoned = 0;
911 (void)sctp_mark_all_for_resend(stcb, net, alt, win_probe,
912 &num_mk, &num_abandoned);
913 /* FR Loss recovery just ended with the T3. */
914 stcb->asoc.fast_retran_loss_recovery = 0;
915
916 /* CMT FR loss recovery ended with the T3 */
917 net->fast_retran_loss_recovery = 0;
918 if ((stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) &&
919 (net->flight_size == 0)) {
920 (*stcb->asoc.cc_functions.sctp_cwnd_new_transmission_begins) (stcb, net);
921 }
922
923 /*
924 * setup the sat loss recovery that prevents satellite cwnd advance.
925 */
926 stcb->asoc.sat_t3_loss_recovery = 1;
927 stcb->asoc.sat_t3_recovery_tsn = stcb->asoc.sending_seq;
928
929 /* Backoff the timer and cwnd */
930 sctp_backoff_on_timeout(stcb, net, win_probe, num_mk, num_abandoned);
931 if (((net->dest_state & SCTP_ADDR_REACHABLE) == 0) ||
932 (net->dest_state & SCTP_ADDR_PF)) {
933 /* Move all pending over too */
934 sctp_move_chunks_from_net(stcb, net);
935
936 /*
937 * Get the address that failed, to force a new src address
938 * selection and a route allocation.
939 */
940 if (net->ro._s_addr != NULL) {
941 sctp_free_ifa(net->ro._s_addr);
942 net->ro._s_addr = NULL;
943 }
944 net->src_addr_selected = 0;
945
946 /* Force a route allocation too */
947 RO_NHFREE(&net->ro);
948
949 /* Was it our primary? */
950 if ((stcb->asoc.primary_destination == net) && (alt != net)) {
951 /*
952 * Yes, note it as such and find an alternate note:
953 * this means HB code must use this to resent the
954 * primary if it goes active AND if someone does a
955 * change-primary then this flag must be cleared
956 * from any net structures.
957 */
958 if (stcb->asoc.alternate != NULL) {
959 sctp_free_remote_addr(stcb->asoc.alternate);
960 }
961 stcb->asoc.alternate = alt;
962 atomic_add_int(&stcb->asoc.alternate->ref_count, 1);
963 }
964 }
965 /*
966 * Special case for cookie-echo'ed case, we don't do output but must
967 * await the COOKIE-ACK before retransmission
968 */
969 if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) {
970 /*
971 * Here we just reset the timer and start again since we
972 * have not established the asoc
973 */
974 sctp_timer_start(SCTP_TIMER_TYPE_SEND, inp, stcb, net);
975 return (0);
976 }
977 if (stcb->asoc.prsctp_supported) {
978 struct sctp_tmit_chunk *lchk;
979
980 lchk = sctp_try_advance_peer_ack_point(stcb, &stcb->asoc);
981 /* C3. See if we need to send a Fwd-TSN */
982 if (SCTP_TSN_GT(stcb->asoc.advanced_peer_ack_point, stcb->asoc.last_acked_seq)) {
983 send_forward_tsn(stcb, &stcb->asoc);
984 for (; lchk != NULL; lchk = TAILQ_NEXT(lchk, sctp_next)) {
985 if (lchk->whoTo != NULL) {
986 break;
987 }
988 }
989 if (lchk != NULL) {
990 /* Assure a timer is up */
991 sctp_timer_start(SCTP_TIMER_TYPE_SEND, stcb->sctp_ep, stcb, lchk->whoTo);
992 }
993 }
994 }
995 if (SCTP_BASE_SYSCTL(sctp_logging_level) & SCTP_CWND_MONITOR_ENABLE) {
996 sctp_log_cwnd(stcb, net, net->cwnd, SCTP_CWND_LOG_FROM_RTX);
997 }
998 return (0);
999 }
1000
1001 int
sctp_t1init_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1002 sctp_t1init_timer(struct sctp_inpcb *inp,
1003 struct sctp_tcb *stcb,
1004 struct sctp_nets *net)
1005 {
1006 /* bump the thresholds */
1007 if (stcb->asoc.delayed_connection) {
1008 /*
1009 * special hook for delayed connection. The library did NOT
1010 * complete the rest of its sends.
1011 */
1012 stcb->asoc.delayed_connection = 0;
1013 sctp_send_initiate(inp, stcb, SCTP_SO_NOT_LOCKED);
1014 return (0);
1015 }
1016 if (SCTP_GET_STATE(stcb) != SCTP_STATE_COOKIE_WAIT) {
1017 return (0);
1018 }
1019 if (sctp_threshold_management(inp, stcb, net,
1020 stcb->asoc.max_init_times)) {
1021 /* Association was destroyed */
1022 return (1);
1023 }
1024 stcb->asoc.dropped_special_cnt = 0;
1025 sctp_backoff_on_timeout(stcb, stcb->asoc.primary_destination, 1, 0, 0);
1026 if (stcb->asoc.initial_init_rto_max < net->RTO) {
1027 net->RTO = stcb->asoc.initial_init_rto_max;
1028 }
1029 if (stcb->asoc.numnets > 1) {
1030 /* If we have more than one addr use it */
1031 struct sctp_nets *alt;
1032
1033 alt = sctp_find_alternate_net(stcb, stcb->asoc.primary_destination, 0);
1034 if (alt != stcb->asoc.primary_destination) {
1035 sctp_move_chunks_from_net(stcb, stcb->asoc.primary_destination);
1036 stcb->asoc.primary_destination = alt;
1037 }
1038 }
1039 /* Send out a new init */
1040 sctp_send_initiate(inp, stcb, SCTP_SO_NOT_LOCKED);
1041 return (0);
1042 }
1043
1044 /*
1045 * For cookie and asconf we actually need to find and mark for resend, then
1046 * increment the resend counter (after all the threshold management stuff of
1047 * course).
1048 */
1049 int
sctp_cookie_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net SCTP_UNUSED)1050 sctp_cookie_timer(struct sctp_inpcb *inp,
1051 struct sctp_tcb *stcb,
1052 struct sctp_nets *net SCTP_UNUSED)
1053 {
1054 struct sctp_nets *alt;
1055 struct sctp_tmit_chunk *cookie;
1056
1057 /* first before all else we must find the cookie */
1058 TAILQ_FOREACH(cookie, &stcb->asoc.control_send_queue, sctp_next) {
1059 if (cookie->rec.chunk_id.id == SCTP_COOKIE_ECHO) {
1060 break;
1061 }
1062 }
1063 if (cookie == NULL) {
1064 if (SCTP_GET_STATE(stcb) == SCTP_STATE_COOKIE_ECHOED) {
1065 /* FOOBAR! */
1066 struct mbuf *op_err;
1067
1068 op_err = sctp_generate_cause(SCTP_BASE_SYSCTL(sctp_diag_info_code),
1069 "Cookie timer expired, but no cookie");
1070 inp->last_abort_code = SCTP_FROM_SCTP_TIMER + SCTP_LOC_3;
1071 sctp_abort_an_association(inp, stcb, op_err, false, SCTP_SO_NOT_LOCKED);
1072 } else {
1073 #ifdef INVARIANTS
1074 panic("Cookie timer expires in wrong state?");
1075 #else
1076 SCTP_PRINTF("Strange in state %d not cookie-echoed yet c-e timer expires?\n", SCTP_GET_STATE(stcb));
1077 return (0);
1078 #endif
1079 }
1080 return (0);
1081 }
1082 /* Ok we found the cookie, threshold management next */
1083 if (sctp_threshold_management(inp, stcb, cookie->whoTo,
1084 stcb->asoc.max_init_times)) {
1085 /* Assoc is over */
1086 return (1);
1087 }
1088 /*
1089 * Cleared threshold management, now lets backoff the address and
1090 * select an alternate
1091 */
1092 stcb->asoc.dropped_special_cnt = 0;
1093 sctp_backoff_on_timeout(stcb, cookie->whoTo, 1, 0, 0);
1094 alt = sctp_find_alternate_net(stcb, cookie->whoTo, 0);
1095 if (alt != cookie->whoTo) {
1096 sctp_free_remote_addr(cookie->whoTo);
1097 cookie->whoTo = alt;
1098 atomic_add_int(&alt->ref_count, 1);
1099 }
1100 /* Now mark the retran info */
1101 if (cookie->sent != SCTP_DATAGRAM_RESEND) {
1102 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1103 }
1104 cookie->sent = SCTP_DATAGRAM_RESEND;
1105 cookie->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1106 /*
1107 * Now call the output routine to kick out the cookie again, Note we
1108 * don't mark any chunks for retran so that FR will need to kick in
1109 * to move these (or a send timer).
1110 */
1111 return (0);
1112 }
1113
1114 int
sctp_strreset_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb)1115 sctp_strreset_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1116 {
1117 struct sctp_nets *alt, *net;
1118 struct sctp_tmit_chunk *strrst = NULL, *chk = NULL;
1119
1120 if (stcb->asoc.stream_reset_outstanding == 0) {
1121 return (0);
1122 }
1123 /* find the existing STRRESET, we use the seq number we sent out on */
1124 (void)sctp_find_stream_reset(stcb, stcb->asoc.str_reset_seq_out, &strrst);
1125 if (strrst == NULL) {
1126 return (0);
1127 }
1128 net = strrst->whoTo;
1129 /* do threshold management */
1130 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1131 /* Assoc is over */
1132 return (1);
1133 }
1134 /*
1135 * Cleared threshold management, now lets backoff the address and
1136 * select an alternate
1137 */
1138 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1139 alt = sctp_find_alternate_net(stcb, net, 0);
1140 strrst->whoTo = alt;
1141 atomic_add_int(&alt->ref_count, 1);
1142
1143 /* See if a ECN Echo is also stranded */
1144 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
1145 if ((chk->whoTo == net) &&
1146 (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
1147 sctp_free_remote_addr(chk->whoTo);
1148 if (chk->sent != SCTP_DATAGRAM_RESEND) {
1149 chk->sent = SCTP_DATAGRAM_RESEND;
1150 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1151 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1152 }
1153 chk->whoTo = alt;
1154 atomic_add_int(&alt->ref_count, 1);
1155 }
1156 }
1157 if ((net->dest_state & SCTP_ADDR_REACHABLE) == 0) {
1158 /*
1159 * If the address went un-reachable, we need to move to
1160 * alternates for ALL chk's in queue
1161 */
1162 sctp_move_chunks_from_net(stcb, net);
1163 }
1164 sctp_free_remote_addr(net);
1165
1166 /* mark the retran info */
1167 if (strrst->sent != SCTP_DATAGRAM_RESEND)
1168 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1169 strrst->sent = SCTP_DATAGRAM_RESEND;
1170 strrst->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1171
1172 /* restart the timer */
1173 sctp_timer_start(SCTP_TIMER_TYPE_STRRESET, inp, stcb, alt);
1174 return (0);
1175 }
1176
1177 int
sctp_asconf_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1178 sctp_asconf_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1179 struct sctp_nets *net)
1180 {
1181 struct sctp_nets *alt;
1182 struct sctp_tmit_chunk *asconf, *chk;
1183
1184 /* is this a first send, or a retransmission? */
1185 if (TAILQ_EMPTY(&stcb->asoc.asconf_send_queue)) {
1186 /* compose a new ASCONF chunk and send it */
1187 sctp_send_asconf(stcb, net, SCTP_ADDR_NOT_LOCKED);
1188 } else {
1189 /*
1190 * Retransmission of the existing ASCONF is needed
1191 */
1192
1193 /* find the existing ASCONF */
1194 asconf = TAILQ_FIRST(&stcb->asoc.asconf_send_queue);
1195 if (asconf == NULL) {
1196 return (0);
1197 }
1198 net = asconf->whoTo;
1199 /* do threshold management */
1200 if (sctp_threshold_management(inp, stcb, net,
1201 stcb->asoc.max_send_times)) {
1202 /* Assoc is over */
1203 return (1);
1204 }
1205 if (asconf->snd_count > stcb->asoc.max_send_times) {
1206 /*
1207 * Something is rotten: our peer is not responding
1208 * to ASCONFs but apparently is to other chunks.
1209 * i.e. it is not properly handling the chunk type
1210 * upper bits. Mark this peer as ASCONF incapable
1211 * and cleanup.
1212 */
1213 SCTPDBG(SCTP_DEBUG_TIMER1, "asconf_timer: Peer has not responded to our repeated ASCONFs\n");
1214 sctp_asconf_cleanup(stcb);
1215 return (0);
1216 }
1217 /*
1218 * cleared threshold management, so now backoff the net and
1219 * select an alternate
1220 */
1221 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1222 alt = sctp_find_alternate_net(stcb, net, 0);
1223 if (asconf->whoTo != alt) {
1224 asconf->whoTo = alt;
1225 atomic_add_int(&alt->ref_count, 1);
1226 }
1227
1228 /* See if an ECN Echo is also stranded */
1229 TAILQ_FOREACH(chk, &stcb->asoc.control_send_queue, sctp_next) {
1230 if ((chk->whoTo == net) &&
1231 (chk->rec.chunk_id.id == SCTP_ECN_ECHO)) {
1232 sctp_free_remote_addr(chk->whoTo);
1233 chk->whoTo = alt;
1234 if (chk->sent != SCTP_DATAGRAM_RESEND) {
1235 chk->sent = SCTP_DATAGRAM_RESEND;
1236 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1237 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1238 }
1239 atomic_add_int(&alt->ref_count, 1);
1240 }
1241 }
1242 TAILQ_FOREACH(chk, &stcb->asoc.asconf_send_queue, sctp_next) {
1243 if (chk->whoTo != alt) {
1244 sctp_free_remote_addr(chk->whoTo);
1245 chk->whoTo = alt;
1246 atomic_add_int(&alt->ref_count, 1);
1247 }
1248 if (asconf->sent != SCTP_DATAGRAM_RESEND && chk->sent != SCTP_DATAGRAM_UNSENT)
1249 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1250 chk->sent = SCTP_DATAGRAM_RESEND;
1251 chk->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1252 }
1253 if ((net->dest_state & SCTP_ADDR_REACHABLE) == 0) {
1254 /*
1255 * If the address went un-reachable, we need to move
1256 * to the alternate for ALL chunks in queue
1257 */
1258 sctp_move_chunks_from_net(stcb, net);
1259 }
1260 sctp_free_remote_addr(net);
1261
1262 /* mark the retran info */
1263 if (asconf->sent != SCTP_DATAGRAM_RESEND)
1264 sctp_ucount_incr(stcb->asoc.sent_queue_retran_cnt);
1265 asconf->sent = SCTP_DATAGRAM_RESEND;
1266 asconf->flags |= CHUNK_FLAGS_FRAGMENT_OK;
1267
1268 /* send another ASCONF if any and we can do */
1269 sctp_send_asconf(stcb, alt, SCTP_ADDR_NOT_LOCKED);
1270 }
1271 return (0);
1272 }
1273
1274 /* Mobility adaptation */
1275 void
sctp_delete_prim_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb)1276 sctp_delete_prim_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1277 {
1278 if (stcb->asoc.deleted_primary == NULL) {
1279 SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: deleted_primary is not stored...\n");
1280 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
1281 return;
1282 }
1283 SCTPDBG(SCTP_DEBUG_ASCONF1, "delete_prim_timer: finished to keep deleted primary ");
1284 SCTPDBG_ADDR(SCTP_DEBUG_ASCONF1, &stcb->asoc.deleted_primary->ro._l_addr.sa);
1285 sctp_free_remote_addr(stcb->asoc.deleted_primary);
1286 stcb->asoc.deleted_primary = NULL;
1287 sctp_mobility_feature_off(inp, SCTP_MOBILITY_PRIM_DELETED);
1288 return;
1289 }
1290
1291 /*
1292 * For the shutdown and shutdown-ack, we do not keep one around on the
1293 * control queue. This means we must generate a new one and call the general
1294 * chunk output routine, AFTER having done threshold management.
1295 * It is assumed that net is non-NULL.
1296 */
1297 int
sctp_shutdown_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1298 sctp_shutdown_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1299 struct sctp_nets *net)
1300 {
1301 struct sctp_nets *alt;
1302
1303 /* first threshold management */
1304 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1305 /* Assoc is over */
1306 return (1);
1307 }
1308 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1309 /* second select an alternative */
1310 alt = sctp_find_alternate_net(stcb, net, 0);
1311
1312 /* third generate a shutdown into the queue for out net */
1313 sctp_send_shutdown(stcb, alt);
1314
1315 /* fourth restart timer */
1316 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN, inp, stcb, alt);
1317 return (0);
1318 }
1319
1320 int
sctp_shutdownack_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1321 sctp_shutdownack_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1322 struct sctp_nets *net)
1323 {
1324 struct sctp_nets *alt;
1325
1326 /* first threshold management */
1327 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1328 /* Assoc is over */
1329 return (1);
1330 }
1331 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1332 /* second select an alternative */
1333 alt = sctp_find_alternate_net(stcb, net, 0);
1334
1335 /* third generate a shutdown into the queue for out net */
1336 sctp_send_shutdown_ack(stcb, alt);
1337
1338 /* fourth restart timer */
1339 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNACK, inp, stcb, alt);
1340 return (0);
1341 }
1342
1343 static void
sctp_audit_stream_queues_for_size(struct sctp_inpcb * inp,struct sctp_tcb * stcb)1344 sctp_audit_stream_queues_for_size(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1345 {
1346 struct sctp_stream_queue_pending *sp;
1347 unsigned int i, chks_in_queue = 0;
1348 int being_filled = 0;
1349
1350 KASSERT(inp != NULL, ("inp is NULL"));
1351 KASSERT(stcb != NULL, ("stcb is NULL"));
1352 SCTP_TCB_LOCK_ASSERT(stcb);
1353 KASSERT(TAILQ_EMPTY(&stcb->asoc.send_queue), ("send_queue not empty"));
1354 KASSERT(TAILQ_EMPTY(&stcb->asoc.sent_queue), ("sent_queue not empty"));
1355
1356 if (stcb->asoc.sent_queue_retran_cnt) {
1357 SCTP_PRINTF("Hmm, sent_queue_retran_cnt is non-zero %d\n",
1358 stcb->asoc.sent_queue_retran_cnt);
1359 stcb->asoc.sent_queue_retran_cnt = 0;
1360 }
1361 if (stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, &stcb->asoc)) {
1362 /* No stream scheduler information, initialize scheduler */
1363 stcb->asoc.ss_functions.sctp_ss_init(stcb, &stcb->asoc);
1364 if (!stcb->asoc.ss_functions.sctp_ss_is_empty(stcb, &stcb->asoc)) {
1365 /* yep, we lost a stream or two */
1366 SCTP_PRINTF("Found additional streams NOT managed by scheduler, corrected\n");
1367 } else {
1368 /* no streams lost */
1369 stcb->asoc.total_output_queue_size = 0;
1370 }
1371 }
1372 /* Check to see if some data queued, if so report it */
1373 for (i = 0; i < stcb->asoc.streamoutcnt; i++) {
1374 if (!TAILQ_EMPTY(&stcb->asoc.strmout[i].outqueue)) {
1375 TAILQ_FOREACH(sp, &stcb->asoc.strmout[i].outqueue, next) {
1376 if (sp->msg_is_complete)
1377 being_filled++;
1378 chks_in_queue++;
1379 }
1380 }
1381 }
1382 if (chks_in_queue != stcb->asoc.stream_queue_cnt) {
1383 SCTP_PRINTF("Hmm, stream queue cnt at %d I counted %d in stream out wheel\n",
1384 stcb->asoc.stream_queue_cnt, chks_in_queue);
1385 }
1386 if (chks_in_queue) {
1387 /* call the output queue function */
1388 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_T3, SCTP_SO_NOT_LOCKED);
1389 if ((TAILQ_EMPTY(&stcb->asoc.send_queue)) &&
1390 (TAILQ_EMPTY(&stcb->asoc.sent_queue))) {
1391 /*
1392 * Probably should go in and make it go back through
1393 * and add fragments allowed
1394 */
1395 if (being_filled == 0) {
1396 SCTP_PRINTF("Still nothing moved %d chunks are stuck\n",
1397 chks_in_queue);
1398 }
1399 }
1400 } else {
1401 SCTP_PRINTF("Found no chunks on any queue tot:%lu\n",
1402 (u_long)stcb->asoc.total_output_queue_size);
1403 stcb->asoc.total_output_queue_size = 0;
1404 }
1405 }
1406
1407 int
sctp_heartbeat_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1408 sctp_heartbeat_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb,
1409 struct sctp_nets *net)
1410 {
1411 bool net_was_pf;
1412
1413 net_was_pf = (net->dest_state & SCTP_ADDR_PF) != 0;
1414 if (net->hb_responded == 0) {
1415 if (net->ro._s_addr != NULL) {
1416 /*
1417 * Invalidate the src address if we did not get a
1418 * response last time.
1419 */
1420 sctp_free_ifa(net->ro._s_addr);
1421 net->ro._s_addr = NULL;
1422 net->src_addr_selected = 0;
1423 }
1424 sctp_backoff_on_timeout(stcb, net, 1, 0, 0);
1425 if (sctp_threshold_management(inp, stcb, net, stcb->asoc.max_send_times)) {
1426 /* Assoc is over */
1427 return (1);
1428 }
1429 }
1430 /* Zero PBA, if it needs it */
1431 if (net->partial_bytes_acked > 0) {
1432 net->partial_bytes_acked = 0;
1433 }
1434 if ((stcb->asoc.total_output_queue_size > 0) &&
1435 (TAILQ_EMPTY(&stcb->asoc.send_queue)) &&
1436 (TAILQ_EMPTY(&stcb->asoc.sent_queue))) {
1437 sctp_audit_stream_queues_for_size(inp, stcb);
1438 }
1439 if ((((net->dest_state & SCTP_ADDR_NOHB) == 0) ||
1440 (net->dest_state & SCTP_ADDR_UNCONFIRMED)) &&
1441 (net_was_pf || ((net->dest_state & SCTP_ADDR_PF) == 0))) {
1442 /*
1443 * When moving to PF during threshold management, a HB has
1444 * been queued in that routine.
1445 */
1446 uint32_t ms_gone_by;
1447
1448 if ((net->last_sent_time.tv_sec > 0) ||
1449 (net->last_sent_time.tv_usec > 0)) {
1450 struct timeval diff;
1451
1452 SCTP_GETTIME_TIMEVAL(&diff);
1453 timevalsub(&diff, &net->last_sent_time);
1454 ms_gone_by = (uint32_t)(diff.tv_sec * 1000) +
1455 (uint32_t)(diff.tv_usec / 1000);
1456 } else {
1457 ms_gone_by = 0xffffffff;
1458 }
1459 if ((ms_gone_by >= net->heart_beat_delay) ||
1460 (net->dest_state & SCTP_ADDR_UNCONFIRMED) ||
1461 (net->dest_state & SCTP_ADDR_PF)) {
1462 sctp_send_hb(stcb, net, SCTP_SO_NOT_LOCKED);
1463 }
1464 }
1465 return (0);
1466 }
1467
1468 void
sctp_pathmtu_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb,struct sctp_nets * net)1469 sctp_pathmtu_timer(struct sctp_inpcb *inp,
1470 struct sctp_tcb *stcb,
1471 struct sctp_nets *net)
1472 {
1473 uint32_t next_mtu, mtu;
1474
1475 next_mtu = sctp_get_next_mtu(net->mtu);
1476
1477 if ((next_mtu > net->mtu) && (net->port == 0)) {
1478 if ((net->src_addr_selected == 0) ||
1479 (net->ro._s_addr == NULL) ||
1480 (net->ro._s_addr->localifa_flags & SCTP_BEING_DELETED)) {
1481 if ((net->ro._s_addr != NULL) && (net->ro._s_addr->localifa_flags & SCTP_BEING_DELETED)) {
1482 sctp_free_ifa(net->ro._s_addr);
1483 net->ro._s_addr = NULL;
1484 net->src_addr_selected = 0;
1485 } else if (net->ro._s_addr == NULL) {
1486 #if defined(INET6) && defined(SCTP_EMBEDDED_V6_SCOPE)
1487 if (net->ro._l_addr.sa.sa_family == AF_INET6) {
1488 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1489
1490 /* KAME hack: embed scopeid */
1491 (void)sa6_embedscope(sin6, MODULE_GLOBAL(ip6_use_defzone));
1492 }
1493 #endif
1494
1495 net->ro._s_addr = sctp_source_address_selection(inp,
1496 stcb,
1497 (sctp_route_t *)&net->ro,
1498 net, 0, stcb->asoc.vrf_id);
1499 #if defined(INET6) && defined(SCTP_EMBEDDED_V6_SCOPE)
1500 if (net->ro._l_addr.sa.sa_family == AF_INET6) {
1501 struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&net->ro._l_addr;
1502
1503 (void)sa6_recoverscope(sin6);
1504 }
1505 #endif /* INET6 */
1506 }
1507 if (net->ro._s_addr)
1508 net->src_addr_selected = 1;
1509 }
1510 if (net->ro._s_addr) {
1511 mtu = SCTP_GATHER_MTU_FROM_ROUTE(net->ro._s_addr, &net->ro._s_addr.sa, net->ro.ro_nh);
1512 #if defined(INET) || defined(INET6)
1513 if (net->port) {
1514 mtu -= sizeof(struct udphdr);
1515 }
1516 #endif
1517 if (mtu > next_mtu) {
1518 net->mtu = next_mtu;
1519 } else {
1520 net->mtu = mtu;
1521 }
1522 }
1523 }
1524 /* restart the timer */
1525 sctp_timer_start(SCTP_TIMER_TYPE_PATHMTURAISE, inp, stcb, net);
1526 }
1527
1528 void
sctp_autoclose_timer(struct sctp_inpcb * inp,struct sctp_tcb * stcb)1529 sctp_autoclose_timer(struct sctp_inpcb *inp, struct sctp_tcb *stcb)
1530 {
1531 struct timeval tn, *tim_touse;
1532 struct sctp_association *asoc;
1533 uint32_t ticks_gone_by;
1534
1535 (void)SCTP_GETTIME_TIMEVAL(&tn);
1536 if (stcb->asoc.sctp_autoclose_ticks > 0 &&
1537 sctp_is_feature_on(inp, SCTP_PCB_FLAGS_AUTOCLOSE)) {
1538 /* Auto close is on */
1539 asoc = &stcb->asoc;
1540 /* pick the time to use */
1541 if (asoc->time_last_rcvd.tv_sec >
1542 asoc->time_last_sent.tv_sec) {
1543 tim_touse = &asoc->time_last_rcvd;
1544 } else {
1545 tim_touse = &asoc->time_last_sent;
1546 }
1547 /* Now has long enough transpired to autoclose? */
1548 ticks_gone_by = sctp_secs_to_ticks((uint32_t)(tn.tv_sec - tim_touse->tv_sec));
1549 if (ticks_gone_by >= asoc->sctp_autoclose_ticks) {
1550 /*
1551 * autoclose time has hit, call the output routine,
1552 * which should do nothing just to be SURE we don't
1553 * have hanging data. We can then safely check the
1554 * queues and know that we are clear to send
1555 * shutdown
1556 */
1557 sctp_chunk_output(inp, stcb, SCTP_OUTPUT_FROM_AUTOCLOSE_TMR, SCTP_SO_NOT_LOCKED);
1558 /* Are we clean? */
1559 if (TAILQ_EMPTY(&asoc->send_queue) &&
1560 TAILQ_EMPTY(&asoc->sent_queue)) {
1561 /*
1562 * there is nothing queued to send, so I'm
1563 * done...
1564 */
1565 if (SCTP_GET_STATE(stcb) != SCTP_STATE_SHUTDOWN_SENT) {
1566 /* only send SHUTDOWN 1st time thru */
1567 struct sctp_nets *net;
1568
1569 if ((SCTP_GET_STATE(stcb) == SCTP_STATE_OPEN) ||
1570 (SCTP_GET_STATE(stcb) == SCTP_STATE_SHUTDOWN_RECEIVED)) {
1571 SCTP_STAT_DECR_GAUGE32(sctps_currestab);
1572 }
1573 SCTP_SET_STATE(stcb, SCTP_STATE_SHUTDOWN_SENT);
1574 sctp_stop_timers_for_shutdown(stcb);
1575 if (stcb->asoc.alternate) {
1576 net = stcb->asoc.alternate;
1577 } else {
1578 net = stcb->asoc.primary_destination;
1579 }
1580 sctp_send_shutdown(stcb, net);
1581 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWN,
1582 stcb->sctp_ep, stcb, net);
1583 sctp_timer_start(SCTP_TIMER_TYPE_SHUTDOWNGUARD,
1584 stcb->sctp_ep, stcb, NULL);
1585 }
1586 }
1587 } else {
1588 /*
1589 * No auto close at this time, reset t-o to check
1590 * later
1591 */
1592 uint32_t tmp;
1593
1594 /* fool the timer startup to use the time left */
1595 tmp = asoc->sctp_autoclose_ticks;
1596 asoc->sctp_autoclose_ticks -= ticks_gone_by;
1597 sctp_timer_start(SCTP_TIMER_TYPE_AUTOCLOSE, inp, stcb, NULL);
1598 /* restore the real tick value */
1599 asoc->sctp_autoclose_ticks = tmp;
1600 }
1601 }
1602 }
1603